troubleshooting Question

Specifying User Password in Active Directory

JKLCOM asked on
Active Directory, Windows Server 2008
First, let me say that while I am experienced in LDAP, I am new to Active Directory.

My problem is that when I try to create a user in Active Directory (Windows Server 2008 R2 Standard) while logged in as an administrator and specifying the unicodePwd attribute (encoded properly with quotes, Unicode, Base64) in an LDIF file using ldifde on port 389, I get an "unwilling to perform" error.  Our outsourcing contractor is having the same issue from a Java program using JNDI.

We have also tried to create the user without the unicodePwd (which is successful), but trying to modify the password using another LDIF with ldifde fails with the same "unwilling to perform."

I understand that Active Directory requires password operations on a secure connection, but I have used dsmgmt to allow password changes on unsecured connections (by using the "allow passwd op on unsecured connection" command).  I have also disabled any password policies.

I then thought that maybe Active Directory requires password operations on a secure connection regardless of the dsmgmt command.  I went through the whole exercise of creating a standalone CA, trusting the CA certificate, creating a server certificate, importing the server certificate, etc., but I am unable to connect to AD using SSL on port 636 using ldp.

I have used the following links as reference:

https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_24521841.html
http://support.microsoft.com/kb/321051/en-us
http://support.microsoft.com/kb/931351
http://social.technet.microsoft.com/Forums/en/windowsserver2008r2general/thread/f3de8600-cf4e-4a39-a42e-7f929e1b8d6d
http://social.technet.microsoft.com/Forums/en-GB/windowsserver2008r2general/thread/c0d13777-3f1b-4805-94a2-ac56f3cecbf3

I'm looking for any suggestions about the creating user problem or getting AD working over SSL.

I'd be glad to answer any questions about my current configuration, but please be very basic about what you want to know and how to get that information.  My background is in Unix, so I may not know what you are referring to unless it comes from a basic viewpoint.  Thanks.
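
The unicodePwd encoding the question describes (double quotes, UTF-16LE, Base64) can be checked independently of the connection. The following is an added example, not code from the asker or any answer on this page; the function names, the sample DN and the sample password are assumptions made for illustration. It builds the value, wraps it in a modify record for ldifde, and diagnoses the usual encoding slips in an existing Base64 value:

```python
import base64

def encode_unicode_pwd(password: str) -> str:
    """Base64 text for an LDIF 'unicodePwd::' line: quoted, UTF-16LE, Base64."""
    quoted = '"' + password + '"'
    # "utf-16-le", not "utf-16": the latter prepends a byte-order mark.
    return base64.b64encode(quoted.encode("utf-16-le")).decode("ascii")

def check_unicode_pwd(b64_value: str) -> list:
    """Return the encoding problems found in a Base64 unicodePwd value."""
    try:
        raw = base64.b64decode(b64_value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ["not valid Base64"]
    problems = []
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        problems.append("starts with a byte-order mark")
        raw = raw[2:]
    if raw[:1] == b'"' and raw[1:2] != b"\x00":
        return problems + ["single-byte text (ASCII/UTF-8), not UTF-16LE"]
    if raw[:2] == b'\x00"':
        return problems + ["big-endian UTF-16, not UTF-16LE"]
    if len(raw) % 2:
        return problems + ["odd byte count, so not UTF-16"]
    try:
        text = raw.decode("utf-16-le")
    except UnicodeDecodeError:
        return problems + ["does not decode as UTF-16LE"]
    if len(text) < 2 or not (text.startswith('"') and text.endswith('"')):
        problems.append("not wrapped in double quotes")
    return problems

def modify_ldif(dn: str, password: str) -> str:
    """LDIF record that replaces unicodePwd on an existing entry (ASCII DN assumed)."""
    return (f"dn: {dn}\n"
            "changetype: modify\n"
            "replace: unicodePwd\n"
            f"unicodePwd:: {encode_unicode_pwd(password)}\n"
            "-\n")

if __name__ == "__main__":
    # Constructed sample DN and password, for illustration only.
    print(modify_ldif("CN=Test User,OU=Staff,DC=example,DC=com", "newPassword"))
    print(check_unicode_pwd(base64.b64encode(b'"newPassword"').decode()))
```

An empty list from `check_unicode_pwd` means the value itself is well formed, which narrows the remaining causes to the connection or the directory's policy.
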
ASKER CERTIFIED SOLUTION
ActiveDirectoryman